-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(certificatemanager): key algorithm support for PrivateCertificate
and Certificate
#28597
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
* If you need to use an algorithm that doesn't exist as a static member, you | ||
* can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
*/ | ||
export class KeyAlgorithm { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Allowed values are: RSA_1024 | RSA_2048 | RSA_3072 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1
but I only included RSA_2048 | EC_prime256v1 | EC_secp384r1
since imported certificate does not exist in CloudFormation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
/** | ||
* Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. | ||
* | ||
* @default KeyAlgorithm.RSA_2048 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If keyAlgorithm
is undefined
, then the default algorithm is RSA_2048
according to doc
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your work on this! I see the PR is still in draft but I happened to be working on something similar so I hope you don't mind getting some comments now 😄
This is a really great addition for certificates!
...-testing/framework-integ/test/aws-certificatemanager/test/integ.certificate-key-algorithm.ts
Outdated
Show resolved
Hide resolved
* If you need to use an algorithm that doesn't exist as a static member, you | ||
* can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
*/ | ||
export class KeyAlgorithm { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
PrivateCertificate
and Certificate
Appreciate the feedbacks!! I've added all your PR suggestions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @longtv2222! This looks good to me! This will be a super helpful feature!
PrivateCertificate
and Certificate
PrivateCertificate
and Certificate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @longtv2222 and @kylelaker!
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Add support for key algorithm when requesting a certificate
keyAlgorithm
support forDnsValidatedCertificate
is not supported since the construct was deprecated. Added a warning if user tries to usekeyAlgorithm
for the construct instead.CloudFormation docs for key algorithm.
Closes #22887.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license